Last week, Gartner held its security summit in Washington, DC. A few key themes bubbled to the top during the course of the conference.
Theme #1: Security needs a new architecture
Security architecture requirements will change radically in the coming years; in short, security will move to a “detect and respond” approach. One article covering the conference summarized this best when it described how vendors are evolving:
[Gartner analyst Neil] MacDonald noted that the need for adaptive security architectures has triggered a land-grab among vendors, large and small, trying to expand their reach, with many rapidly transforming as investors pour money into startups and acquisitions.
FireEye Inc. is at the top of the list, MacDonald said, not only with its January acquisition of Mandiant, but also recently by adding integrated, low-cost IPS capabilities to its threat prevention platform.
Theme #2: Mobile security
Many CISOs expressed mobile security and BYOD as a key area of concern. In one session, mobile application security was mentioned as a key approach to leverage. To succeed, enterprises should evaluate applications by:
- Testing application source code
- Testing application behavior
- Testing communications between the app and web services
- Automatically submitting apps for testing
- Knowing app risk/reputation, using scores
- Combining and correlating detection with protection
Theme #3: Incident Response is a core discipline
Under a detect-and-respond security paradigm, incident response has become critical. In one session, analyst Anton Chuvakin laid out a step-by-step approach for incident response, and other sessions frequently alluded to the growing importance of IR.
Theme #4: Dealing with advanced attacks
Dealing with advanced attackers was a high-profile topic, with many sessions focusing on the “how-to’s” of blocking an advanced attacker. Most notably, Lawrence Orans gave a talk on the “Five Styles of Stopping Advanced Attacks.” He opened by stating that “Traditional defense-in-depth components are still necessary, but no longer sufficient.” His framework recommends five styles of advanced threat defense:
- Network traffic analysis
- Payload analysis
- Endpoint behavior analysis
- Network forensics
- Endpoint forensics
The conference highlighted a security industry in a great deal of flux with the onset of advanced attacks, mobility and more. At the same time, customers want things delivered via the cloud, while still hoping for a centralized view and management capability. As always, security is changing and evolving, but this year was a little different. The general consensus was that few knew where threats were going, but customers want a security architecture that can deal with today’s threats while adapting to ones we haven’t seen yet.